The following warnings occurred: | ||||||||||||||||||||||||
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
|
Confirm Admin Password - Printable Version +- UserSpice (https://userspice.com/forums) +-- Forum: Miscellaneous (https://userspice.com/forums/forumdisplay.php?fid=28) +--- Forum: Modifications and Hackery (https://userspice.com/forums/forumdisplay.php?fid=29) +--- Thread: Confirm Admin Password (/showthread.php?tid=427) |
Confirm Admin Password - mudmin - 01-20-2017 No problem. So there are two ways to handle this... In PHP, I would think you could do... Code: $actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; Then you might have to do some escaping and then pass that as a $_GET variable to the login page. So something like Code: Redirect::to('login.php?FROM='.$actual_link); Then when you are processing login do Code: $from = Input::get('FROM'); Then pass that off to the custom login script and Code: if(!empty($from)){ Code: Redirect::to($from); Code: } But I think I wrote a javascript snippet that I think works better. Here's how it works. Replace your usersc/scripts/custom_login_script.php with the text of this file... https://hastebin.com/apivosuwit.xml When you are logged in, the userspice calls the login script. The login script has a function that will essentially hit the back button twice in your browser. Then it just automatically invokes the function. Confirm Admin Password - mudmin - 01-20-2017 If you want to test it... 1. Logout. 2. Click the register button. 3. Click the login button. 4. Login. 5. Notice that you'll be redirected to the register page after logging in. Confirm Admin Password - Brandin - 01-20-2017 You work wonders mudmin! Thank you! This is a great feature! Confirm Admin Password - mudmin - 01-20-2017 haha. Glad it worked. I know it's kind of a backwards way of doing things, but it works really nice from the front end. Confirm Admin Password - Brandin - 03-09-2017 So, I got this working great, but I want to take it one step further to automate it. I've added "adminverify" column to the table, default value of 0, and I want to move my "verifyadmin" call to the header or navigation, wherever you think is best (I'm thinking header). I want when a user visits a page, before it outputs content to check if the page name (e.g. admin.php) has a adminverify column value of 1, IF it does, call the function, if not, it just does its thing as per usual. Function: https://hastebin.com/agexojiwas.php Call on Page: Code: <?php verifyadmin($user->data()->id) ?> Confirm Admin Password - mudmin - 03-09-2017 I don't think you need the extra column in the database for the. Since permission level 2 is admin (or you can make any other permission you want to set) is already taken care of by userspice. So all you have to do is if(hasPerm([2],$user->data()->id)){ Code: //run function here. Code: } Now...where to put that line of code. I would put it in usersc/includes/navigation.php That will get it up in the header but prevent it from being overwritten by our updates. Confirm Admin Password - Brandin - 03-10-2017 Hey Mudmin, I want to manually set certain pages to require authentication. Like the dashboard stuff, and a couple other sections, but for example, if I have "Manager" permission set, there could be pages in the Managers portal I want verification performed on, and some not, which is why I am adding this extra column. Thank you. Confirm Admin Password - mudmin - 03-11-2017 Yep. So that code could easily sit at the top of those pages that you want the authentication. Sounds cool. Also, note that I pushed out 4.2.3 to fix some minor security issues. Confirm Admin Password - Brandin - 03-11-2017 Mudmin, My reasoning was to make it so I can code one thing to put in navigation.php that will run this function, check the admin_verify column for the page name. I can handle the whole actual function part, except for how to get the function to get me a value from the pages DB. E.g. user visits admin_users.php and it has a admin_verify value of 1, it completes the function, but how can I get the function to check the DB and output that value of 0 or 1? Thank you! And I noticed that, I patched mine Very easy! Confirm Admin Password - mudmin - 03-11-2017 Absolutely. So you can make a database table of all pages that need to check for additional authentication. You could even add another column to the "pages" table you already have and call it something like req_auth and put a 1 or 0. |